claude-code-source-recovery

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The instructions explicitly tell the user to fetch and run remote code (git clone https://github.com/ponponon/claude_code_src and npm install -g https://mirrors.cloud.tencent.com/npm/@anthropic-ai/claude-code/-/claude-code-2.1.88.tgz), which would install and execute a recovered CLI that can run code and directly control agent prompts/behavior, so these URLs constitute runtime external dependencies that execute remote code.